From f5c30203bf9d473521b3fdfce870103acdb76baa Mon Sep 17 00:00:00 2001 From: ajanikow <12255597+ajanikow@users.noreply.github.com> Date: Sat, 15 Nov 2025 18:32:56 +0100 Subject: [PATCH 1/2] [Feature] [Platform] Request ID & Header Standardization --- CHANGELOG.md | 1 + integrations/envoy/auth/v3/impl/impl.go | 2 + .../envoy/auth/v3/impl/request_id/impl.go | 52 +++++++++++++++++++ .../resources/config_map_gateway.go | 12 +++++ pkg/util/constants/envoy.go | 7 +-- 5 files changed, 71 insertions(+), 3 deletions(-) create mode 100644 integrations/envoy/auth/v3/impl/request_id/impl.go diff --git a/CHANGELOG.md b/CHANGELOG.md index a9abb42b0..8adc7023f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ - (Bugfix) (Platform) Fix Monitoring RBAC - (Feature) (Platform) Do not require LM during install commands - (Feature) (Platform) ArangoRoute Redirect +- (Feature) (Platform) Request ID & Header Standardization ## [1.3.1](https://github.com/arangodb/kube-arangodb/tree/1.3.1) (2025-10-07) - (Documentation) Add ArangoPlatformStorage Docs & Examples diff --git a/integrations/envoy/auth/v3/impl/impl.go b/integrations/envoy/auth/v3/impl/impl.go index b65a91acf..9293cafbb 100644 --- a/integrations/envoy/auth/v3/impl/impl.go +++ b/integrations/envoy/auth/v3/impl/impl.go @@ -26,6 +26,7 @@ import ( "github.com/arangodb/kube-arangodb/integrations/envoy/auth/v3/impl/auth_custom" "github.com/arangodb/kube-arangodb/integrations/envoy/auth/v3/impl/auth_required" "github.com/arangodb/kube-arangodb/integrations/envoy/auth/v3/impl/pass_mode" + "github.com/arangodb/kube-arangodb/integrations/envoy/auth/v3/impl/request_id" "github.com/arangodb/kube-arangodb/integrations/envoy/auth/v3/impl/required" "github.com/arangodb/kube-arangodb/integrations/envoy/auth/v3/impl/users" pbImplEnvoyAuthV3Shared "github.com/arangodb/kube-arangodb/integrations/envoy/auth/v3/shared" 
@@ -33,6 +34,7 @@ import ( func Factory() pbImplEnvoyAuthV3Shared.Factory { return pbImplEnvoyAuthV3Shared.NewFactory( + request_id.New, required.New, auth_bearer.New, auth_cookie.New, diff --git a/integrations/envoy/auth/v3/impl/request_id/impl.go b/integrations/envoy/auth/v3/impl/request_id/impl.go new file mode 100644 index 000000000..fa92d91e5 --- /dev/null +++ b/integrations/envoy/auth/v3/impl/request_id/impl.go 
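Review bot: In `Factory()` (impl/impl.go) `request_id.New` is registered ahead of `required.New` and the auth handlers, but nothing records why it has to come first. If `NewFactory` runs handlers in argument order, as the list suggests, this position decides whether later handlers and the responses they produce already carry the request ID. A short comment such as `// request_id stays first so every later handler sees the generated ID` would protect the ordering from a later reshuffle. The argument list continues past the end of the hunk.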
@@ -0,0 +1,52 @@ +// +// DISCLAIMER +// +// Copyright 2025 ArangoDB GmbH, Cologne, Germany +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Copyright holder is ArangoDB GmbH, Cologne, Germany +// + +package request_id + +import ( + "context" + + pbEnvoyCoreV3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + pbEnvoyAuthV3 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3" + "k8s.io/apimachinery/pkg/util/uuid" + + pbImplEnvoyAuthV3Shared "github.com/arangodb/kube-arangodb/integrations/envoy/auth/v3/shared" + utilConstants "github.com/arangodb/kube-arangodb/pkg/util/constants" +) + +func New(ctx context.Context, configuration pbImplEnvoyAuthV3Shared.Configuration) (pbImplEnvoyAuthV3Shared.AuthHandler, bool) { + return impl{}, true +} + +type impl struct { +} + +func (a impl) Handle(ctx context.Context, request *pbEnvoyAuthV3.CheckRequest, current *pbImplEnvoyAuthV3Shared.Response) error { + var header = pbEnvoyCoreV3.HeaderValueOption{ + Header: &pbEnvoyCoreV3.HeaderValue{ + Key: utilConstants.EnvoyRequestIDHeader, + Value: string(uuid.NewUUID()), + }, + } + current.Headers = append(current.Headers, &header) + current.ResponseHeaders = append(current.ResponseHeaders, &header) + + return nil +} diff --git a/pkg/deployment/resources/config_map_gateway.go b/pkg/deployment/resources/config_map_gateway.go index b4ecd5506..a65f5240f 100644 --- a/pkg/deployment/resources/config_map_gateway.go 
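Review bot: `Handle` in the new request_id/impl.go appends the same `&header` pointer to both `current.Headers` and `current.ResponseHeaders`, so a later handler that edits one entry would silently change the other; building a second `HeaderValueOption` for the response side avoids that aliasing. The handler also never reads `request`, so an `X-Arango-Platform-Request-Id` sent by the client is neither reused nor checked. Whether that value is overwritten or kept next to the generated one depends on how the shared `Response` is mapped to Envoy header options, which this diff does not show. If logs or audit trails key on this ID, that behaviour is worth confirming and stating in a doc comment such as `// Handle sets a freshly generated UUID as the request ID on the forwarded request and on the response; the incoming request is not inspected.` The exported `New` has no doc comment either.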
+++ b/pkg/deployment/resources/config_map_gateway.go @@ -417,6 +417,18 @@ func (r *Resources) renderGatewayConfig(cachedStatus inspectorInterface.Inspecto return errors.Errorf("Unknown route destination type %s", target.Type) } + dest.Path = util.NewType(target.Path) + dest.Timeout = target.Timeout.DeepCopy() + dest.AuthExtension = &gateway.ConfigAuthZExtension{ + AuthZExtension: map[string]string{ + pbImplEnvoyAuthV3Shared.AuthConfigAuthRequiredKey: util.BoolSwitch[string](target.Authentication.Type.Get() == networkingApi.ArangoRouteSpecAuthenticationTypeRequired, pbImplEnvoyAuthV3Shared.AuthConfigKeywordTrue, pbImplEnvoyAuthV3Shared.AuthConfigKeywordFalse), + pbImplEnvoyAuthV3Shared.AuthConfigAuthPassModeKey: string(target.Authentication.PassMode), + }, + } + dest.ResponseHeaders = map[string]string{ + utilConstants.EnvoyRouteHeader: at.GetName(), + utilConstants.EnvoyRouteHeaderV2: at.GetName(), + } cfg.Destinations[target.Route.Path] = dest routes[at.GetName()] = &pbInventoryV1.InventoryNetworkingRoute{ diff --git a/pkg/util/constants/envoy.go b/pkg/util/constants/envoy.go index 51239c7f8..3bf7a62b6 100644 --- a/pkg/util/constants/envoy.go +++ b/pkg/util/constants/envoy.go @@ -21,7 +21,10 @@ package constants const ( - EnvoyRouteHeader = "arangodb-platform-route" + // Deprecated: Use EnvoyRouteHeaderV2 instead + EnvoyRouteHeader = "arangodb-platform-route" + EnvoyRouteHeaderV2 = "X-Arango-Platform-Route" + EnvoyRequestIDHeader = "X-Arango-Platform-Request-Id" EnvoyInventoryConfigDestination = "/_inventory" EnvoyInventoryHashConfigDestination = "/_inventory.hash" @@ -32,6 +35,4 @@ const ( EnvoyIntegrationSidecarFilterName = "envoy.filters.http.ext_authz" EnvoyIntegrationSidecarCluster = "integration_sidecar" - - EnvoyIntegrationSidecarClusterHTTP = "integration_sidecar_http" ) From 887ff3268531f8253a67e1fcb4d5d63d18239e6b Mon Sep 17 00:00:00 2001 
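Review bot: In pkg/util/constants/envoy.go `EnvoyRouteHeader` is marked `Deprecated:` while the gateway config in this same series still writes it. Linters that report use of deprecated identifiers may therefore flag those call sites until the old header is actually dropped. The two new constants carry no comments; something like `// EnvoyRequestIDHeader carries the per-request UUID set by the request_id handler` and `// EnvoyRouteHeaderV2 carries the route name on responses` would say who sets them and what they hold. The following hunk also removes the exported `EnvoyIntegrationSidecarClusterHTTP`, which looks unrelated to the header change, so any remaining references elsewhere in the repository (not visible here) should be checked.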
From: ajanikow <12255597+ajanikow@users.noreply.github.com> Date: Tue, 18 Nov 2025 11:44:19 +0000 Subject: [PATCH 2/2] Iter --- .../resources/config_map_gateway.go | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/pkg/deployment/resources/config_map_gateway.go b/pkg/deployment/resources/config_map_gateway.go index a65f5240f..7d67ee6b2 100644 --- a/pkg/deployment/resources/config_map_gateway.go +++ b/pkg/deployment/resources/config_map_gateway.go @@ -363,7 +363,8 @@ func (r *Resources) renderGatewayConfig(cachedStatus inspectorInterface.Inspecto dest.Match = util.NewType(gateway.ConfigMatchPath) dest.Type = util.NewType(gateway.ConfigDestinationTypeRedirect) dest.ResponseHeaders = map[string]string{ - utilConstants.EnvoyRouteHeader: at.GetName(), + utilConstants.EnvoyRouteHeader: at.GetName(), + utilConstants.EnvoyRouteHeaderV2: at.GetName(), } dest.AuthExtension = &gateway.ConfigAuthZExtension{ AuthZExtension: map[string]string{ 
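Review bot: The two-entry `dest.ResponseHeaders` literal (`EnvoyRouteHeader` plus `EnvoyRouteHeaderV2`, both set to `at.GetName()`) now appears in this redirect branch and again in the hunk at `@@ -411,24 +412,12 @@`, so retiring the deprecated header later means touching every branch. A small helper that returns the map, used as `dest.ResponseHeaders = routeResponseHeaders(at.GetName())`, would keep the pair in one place. Both headers return the route object's name to every client that reaches the route, so a one-line comment stating that this name is intended to be client-visible would help a later reviewer. `renderGatewayConfig` starts and ends outside both hunks.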
@@ -411,24 +412,12 @@ func (r *Resources) renderGatewayConfig(cachedStatus inspectorInterface.Inspecto }, } dest.ResponseHeaders = map[string]string{ - utilConstants.EnvoyRouteHeader: at.GetName(), + utilConstants.EnvoyRouteHeader: at.GetName(), + utilConstants.EnvoyRouteHeaderV2: at.GetName(), } default: return errors.Errorf("Unknown route destination type %s", target.Type) } - - dest.Path = util.NewType(target.Path) - dest.Timeout = target.Timeout.DeepCopy() - dest.AuthExtension = &gateway.ConfigAuthZExtension{ - AuthZExtension: map[string]string{ - pbImplEnvoyAuthV3Shared.AuthConfigAuthRequiredKey: util.BoolSwitch[string](target.Authentication.Type.Get() == networkingApi.ArangoRouteSpecAuthenticationTypeRequired, pbImplEnvoyAuthV3Shared.AuthConfigKeywordTrue, pbImplEnvoyAuthV3Shared.AuthConfigKeywordFalse), - pbImplEnvoyAuthV3Shared.AuthConfigAuthPassModeKey: string(target.Authentication.PassMode), - }, - } - dest.ResponseHeaders = map[string]string{ - utilConstants.EnvoyRouteHeader: at.GetName(), - utilConstants.EnvoyRouteHeaderV2: at.GetName(), - } cfg.Destinations[target.Route.Path] = dest routes[at.GetName()] = &pbInventoryV1.InventoryNetworkingRoute{